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after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 17 August 2006 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 23.24.26-35 and 40-51 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 23.24,26-35 and 40-51 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) S The drawing(s) filed on 01 March 2002 is/are: a)El accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

1 2) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachments) 

1) ^ Notice of References Cited (PTO-892) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 

Paper No(s)/Mail Date . 



4) n Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CD Notice of Informal Patent Application 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20061020 



Application/Control Number: 10/090,543 



Page 2 



Art Unit: 2131 



DETAILED ACTION 



1. 



This is in response to the arguments filed on 17 August 2006. 



2. 



Claims 23, 24, 26-35 and 40-51 are pending in the application. 



3. 



Claims 23, 24, 26-35 and 40-51 have been rejected. 



4. 



Claims 1-22, 25, 36-39 and 52-63 have been cancelled. 



Response to Arguments 



5. Applicants arguments with respect to claims 23, 24, 26-35 and 40-51 have been considered 
but are moot in view of the new ground(s) of rejection. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 



6. Claims 23, 26-30, 32, 33, 40, 41, 43-46, 48 and 49 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Villa et al et al U.S. Patent No. 6,550,012 Bl. 

As to claims 23, 33, 41 and 49, Villa et al discloses that the host device routes the data to 
the firewall device is to be processed by the hardware-implemented firewall [column 8, lines 38- 
55]. Villa et al discloses that the routing takes place at a physical layer in the data stack [column 
8, lines 38-55]. 



Claim Rejections - 35 USC § 102 
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As to claim 26, Villa et al discloses a method of providing security in a network having a 
network interface device that makes a network connection without a firewall capability in the 
communication interface device that is required by the network for data transfer between the 
network and a host device using the network interface device, the method comprising: 

a) allowing a connection to the network to be established when the host 
device uses the network interface device without the required firewall capability 
only if a firewall device comprising a hardware implemented firewall is coupled 
to the host device [column 8, lines 38-55]; 

b) receiving data from the network over the connection establish via the 
communication interface device [column 14, lines 15-32]; 

c) processing the data with the hardware implemented firewall [column 
14, lines 15-32]; 

d) transferring the processed data to the host device [column 14, lines 15- 
32]; and 

e) performing a configuration integrity check of a software component on 
a host device, wherein the configuration integrity check is performed before the 
network connection is allowed, wherein the connection is allowed if the 
configuration integrity check passes [column 14, lines 15-32]. 

As to claim 27, Villa et al discloses that e) comprises performing the configuration 
integrity check by performing a hash on the software component to produce a hash value and 
comparing the hash value with a stored hash value [column 15, lines 43-54]. 
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As to claims 28 and 44, Villa et al discloses that the stored hash value resides on the 
firewall device [column 15, lines 43-54]. 

As to claims 29 and 45, Villa et al discloses the method further comprising: 

f) sending an alert if the configuration integrity check fails [column 14, 
lines 41-58]. 

As to claims 30 and 46, Villa et al discloses the method further comprising: 

g) storing an alert if the configuration integrity check fails [column 14, 
lines 41-58]. 

As to claims 32 and 48, Villa et al discloses transferring data to be transferred over the 
network by the communication interface device to the firewall device [column 8, lines 38-55]. 
Villa et al discloses processing the data with the hardware-implemented firewall [column 8, lines 
38-55]. Villa et al discloses that the data is processed by the hardware-implemented firewall 
before it is transferred over the network connection established via the communication interface 
device [column 8, lines 38-55]. 

As to claim 40, Villa et al discloses a method of providing security in a network having a 
network interface device that makes a network connection without a firewall capability in the 
communication interface device that is required by the network for data transfer between the 
network and a host device using the network interface device, the method comprising: 

allowing a connection to the network to be established when the host 
device uses the network interface device without the required firewall capability 
only if a firewall device comprising a hardware implemented firewall is coupled 
to the host device [column 8, lines 38-55]; 
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receiving data from the network over the connection establish via the 
communication interface device [column 14, lines 15-32]; 

processing the data with the hardware implemented firewall [column 14, 
lines 15-32]; 

transferring the processed data to the host device [column 14, lines 15-32]; 

and 

performing a configuration integrity check of a software component on the 
host device by performing a hash on the software component to produce a hash 
value and comparing the hash value with a stored hash value [column 14, lines 
15-32]. 

As to claim 43, Villa et al discloses that the configuration integrity check is performed 
before the network connection is allowed and wherein the connection is allowed only if the 
configuration integrity check passes [column 14, lines 15-32]. 
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Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 24, 34, 35, 42, 50 and 51 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Villa et al et al U.S. Patent No. 6,550,012 Bl as applied to claims 26, 40 

and 52 above, and further in view of Mayer U.S. Patent No. 7,003,562 B2. 

As to claims 24 and 42, Villa et al does not teaching sending policies to the firewall 
device and that the operation of the hardware implemented firewall is modified. 

Mayer teaches sending updated network wide policies to network devices [column 4, 
lines 5-44]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Villa et al so that updated security policies would 
have been sent to the firewall and the operation of the hardware implemented firewall would 
have been modified. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Villa et al by the teaching of Mayer because it helps 
pinpoint network deviations [column 2, lines 38-54]. 

As to claims 34 and 50, Villa et al teaches performing a configuration integrity check of a 
software component on the host device [column 14, lines 15-32]. 
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Villa et al does not teaching sending policies to the firewall device and that the operation 
of the hardware implemented firewall is modified [column 5 line 59 to column 6 line 37]. 

Mayer teaches sending updated network wide policies to network devices [column 4, 
lines 5-44]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Villa et al so that updated security policies would 
have been sent to the firewall and the operation of the hardware implemented firewall would 
have been modified. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Villa et al by the teaching of Mayer because it helps 
pinpoint network deviations [column 2, lines 38-54]. 

As to claim 35 and 51, Villa et al teaches the method further comprising: 

sending an alert if the configuration integrity check fails [column 14, lines 

41-58]. 

8, Claims 31 and 47 are rejected under 35 U.S.C 103(a) as being unpatentable over Villa et 
al et al U.S. Patent No. 6,550,012 Bl as applied to claims 26 and 40 above, and further in 
view of Hallinan et al et al U.S. Patent No. 6,996,614 B2. 

As to claims 31 and 47, Villa et al teaches g) the communication interface device 
transferring data received from the network in b) to the firewall device [column 14, lines 15-32]. 
Villa et al teaches that the firewall device processes the data with the hardware implemented 
firewall [column 14, lines 15-32]. 
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Villa et al does not teach f) swapping resource spaces in the host device that are reserved 
for the communication interface device and the firewall device. Villa et al does not teach that the 
host device treats the communication interface as the firewall device and vice versa. 

Hallinan et al teaches swapping resource spaces in a host device [column 7 line 13 to 
column 8 line 13]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Villa et al so that there would have been a step to 
swap resource space in a host device that was reserved for the communication device and the 
firewall device. The host device would have treated the communication device as the firewall 
device and vice versa. The communication interface device would have transferred data received 
from the network to the firewall device. The hardware implemented firewall would have 
processed the data. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Villa et al by the teaching of Hallinan et al because 
selection of inappropriate resources resulting in additional resources being obtained from the 
service provider to satisfy subsequent resource requests, and the consequent accumulation of 
resources in the resource pool, can be avoided [column 4, lines 45-67]. 
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Conclusion 



9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Aravind K Moorthy 
October 25, 2006 
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